XPost: alt.privacy.anon-server, sci.crypt   
   From: soul.patch@127.0.0.1   
      
   On Fri, 12 Sep 2025 21:17:33 -0500   
   Soul Patch  wrote:   
      
   > On Fri, 12 Sep 2025 22:58:30 +0200   
   > Gabx  wrote:   
   >   
   > > Gabx wrote:   
   > > > Soul Patch wrote:   
   > > >> Anyway, I'm trying to figure out the best way to run INN news server   
   > > >> totally hidden behind TOR so it can be peered behind TOR encrypted   
   > > >> tunnels and hidden services.   
   > > > If I understand correctly, you don't just want your server to be   
   > > > reachable by onion address from Usenet clients, but you want it also   
   > > > accessible to peers using its onion address.   
   > > >   
   > > > That seems impossible to me, actually.   
   > > > Unless your peers are using Tor themselves.   
   > > >   
   > > > Something like this i think:   
   > > >   
   > > >> torsocks innfeed   
   > >   
   > > I'll venture a guess.   
   > > Try using socat to redirect all incoming connections through the onion   
   > > address, like this:   
   > >   
   > > socat TCP4-LISTEN:9119,fork   
   > > SOCKS4:127.0.0.1:abc123def456.onion:119,socksport=9050   
   > >   
   > > Just an idea, I expect to be insulted, lol!!!   
   >   
   > I like it. Nothing to insult here. It's actually a clever angle.   
   >   
   > I though about routing through a pair of TOR hidden services, using one as   
   an outbound and the other as a loopback target. This would significantly slow   
   things down, but really, it's not like there are going to be tens of thousands   
   of people beating    
   down the door to post.   
   >   
   > Another though I have is that all peers can set up authenticated loopback   
   proxies for their other peers. This would target hybrid clearnet and TOR   
   peering and cut half the onion network latency. But it is also an extra point   
   of failure.   
   >   
   > --   
   > Soul Patch   
   >   
      
   So far it seems it might be possible to create a separate onion address for   
   each incoming peer, then use named pipes with netcat for bidirectional   
   exchange on the same loopback IP.   
      
   Probably simpler is the bind=${IP} parameter in SOCAT with a IP-based   
   netfilter. The same port can be used on different localhost IP addresses,   
   allowing bidirectional forking based upon which IP/port pair the traffic   
   enters. So if traffic is coming in on    
   IP_A it can be forwarded to INN on IP_B. And if traffic is leaving INN on IP_B   
   it can be routed to the socks proxy by netfilter.   
      
   --   
   Soul Patch   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)